Category: Ransomware

Ransomware Attack on Scottish Environmental Agency

The Scottish Environmental Protection Agency was struck by a ransomware attack on Christmas Eve 2020 that shut down its internal networks.

This affected a major part of its systems including the contact centre, many internal systems, processes and internal communications.

Some experts believed that the attack had all the hallmarks of Russian organized cybercriminals, but that wasn’t proved.

A significant amount of data was stolen which included business information, procurement information, commercial operations and employee data.

The attack used Conti malware and some 20 files of confidential data was leaked on a Conti leaks site to push SEPA into paying the ransom.

SEPA involved the Police, the Scottish government, the National Cyber Security Centre and recovery experts to assist with removing the ransomware from their systems and recovering as much of their data as could be done.

SEPA prioritised the services most needed by the public and it took weeks for them to get back to fairly normal operations.

It is believed that they did not pay any ransom.

The lesson is clear – take better cyber precautions and always have off-site backups of everything important.

If you have any experiences with this ransomware do let me know, by email.

Fightback Ninja Signature

Man United Ransomware Attack

Manchester United football club experienced a ransomware attack in late 2020. They were held to ransom for millions of pounds by cyberhackers who targeted the club’s computer systems and demanded payment to stop them from releasing sensitive data.

It is a difficult decision for any business – pay up or risk seeing highly sensitive information being wiped out or leaked into the public domain.

The club were clear from the start that the attack was very serious but it did not impact on their schedule of matches.

United brought in a team of technical experts to contain the attack and they informed the Police and the National Cyber Security Centre (NCSC).

The NCSC revealed that in 2019 an English Football league club was hit with a £5m ransomware demand. They were unable to access their CCTV or use entry turnstiles, but its’s not believed that they paid anything.

It took weeks of effort to get things back to normal following the attack and United could face fines of up to £18 million or two per cent of their total annual worldwide turnover from the Information Commissioner’s Office if the attack is found to have breached their fans’ data protection.

The NCSC has previously warned that there is a growing threat to sports clubs.

It took roughly 2 weeks for United IT staff and outside experts to regain control of the situation. It is believed they did not pay the attackers.

The episode was embarrassing for United and they are still under investigation by the Information Commissioner’s Office.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

The Database Ransomware Attack

A standard ransomware attack is where someone claims to have hacked your computer systems and has access to your private or business documents, photos etc. and will make them public unless you pay a ransom or has encrypted your files and will only decrypt them at a cost.

That ransom is usually payable in Bitcoin as such payments cannot be tracked or reversed.

This variant of the scam is about databases.

The blackmailer claims to the radio station to have hacked our website and copied the databases then threatens the following, unless we pay $3,000 in Bitcoin within 5 days.

  • To sell the databases to the highest bidder
  • To publish all emails they have found
  • To attack any of our customers and associates they have details for
  • To delink any links we have setup
  • To damage our reputation any way they can

The whole message seems to be one of desperation.

It is all fake of course. Just idle threats in the hope that someone will feel vulnerable enough to pay up.

The message consists of generalities and threats – there is nothing to show that an actual hack has taken place.

If you receive ransom demands of this kind, they are almost always entirely fake.

A real hacker would contact you directly and show evidence of hacked data or documents.

If you’ve experienced a real hack – do let me know by email.

Fightback Ninja Signature